should I be worried about this…?
https://stackoverflow.com/questions/9276489
-
29-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I tried pushing onto a git repo on my server, so I thought I did something like this
git remote add games@games.com
When I should have done
git remote add games@gamesThatAreFunEtc.com
Anyway I thought it was weird that it asked for my password but not realizing what was happening I gave it. I think the site also got my private key as it probably tried to use my key in ~/.ssh first.
Should I now change my password and/or rsa key? Does doing something like that log an incorrect password attempt with the incorrect pass or the rsa key? Should I worry that if it does, the owner of the site will try to break into my site?
Also as it's not obvious from the login attempt what my site name actually is, am I fretting for nothing? Can I assume he won't try every combination of domains that start with games
Solution
First of all, it's good that you noticed your error and that you care enough to ask this question here. I'd assume most people would get back to business and not worry.
- your RSA key is safe, as it is only used in a challenge-response query to verify if it matches any saved public keys, it is not transmitted to the server
- you should change your password, as a malicious server could have logged it
You probably don't have to worry about the owner of the site breaking into yours. Usually ssh-server do not log passwords. I would change my password anyway, just to be safe.
In the future, try to heed the warnings ssh gives you (in your case probably a missing known_hosts entry) and take them seriously instead of mindlessly pressing 'yes'.
OTHER TIPS
EDIT: As pointed out, since you entered your password when connecting to the unknown site, change it.
As to your private key, its fine as long as it doesn't share the same password - at most the remote site would have got a sniff of your public key only, your intended username, and ip your were using. The likelihood that someone at that address is actively monitoring the single 'failed connection' log line, or doing anything insidious is very, very, very small.
If you need more encouragement, and want more information about how such transactions typically go down, google "diffie/hellman key exchange".
